diff --git a/reference/ldap/book.xml b/reference/ldap/book.xml
index 64c39aa2af..0be0fb8d85 100644
--- a/reference/ldap/book.xml
+++ b/reference/ldap/book.xml
@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!-- $Revision$ -->
- 
+
 <book xml:id="book.ldap" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
  <?phpdoc extension-membership="bundledexternal" ?>
  <title>Lightweight Directory Access Protocol</title>
  <titleabbrev>LDAP</titleabbrev>
- 
+
  <!-- {{{ preface -->
  <preface xml:id="intro.ldap">
   &reftitle.intro;
@@ -13,9 +13,9 @@
    LDAP is the Lightweight Directory Access Protocol, and is a
    protocol used to access "Directory Servers". The Directory is a
    special kind of database that holds information in a tree
-   structure.  
+   structure.
   </para>
-  <para> 
+  <para>
    The concept is similar to your hard disk directory structure,
    except that in this context, the root directory is "The world"
    and the first level subdirectories are "countries". Lower levels
@@ -34,7 +34,7 @@
    The forwards slash marks each division in the reference, and the
    sequence is read from left to right.
   </para>
-  <para> 
+  <para>
    The equivalent to the fully qualified file reference in LDAP is
    the "distinguished name", referred to simply as "dn". An example
    dn might be:
@@ -84,17 +84,18 @@
    </listitem>
   </itemizedlist>
 
-  <para>    
+  <para>
    The Netscape SDK contains a helpful
    <link xlink:href="&url.ldap.netscape.sdk.docs;">Programmer's Guide</link> in
    HTML format.
   </para>
  </preface>
  <!-- }}} -->
- 
+
  &reference.ldap.setup;
  &reference.ldap.constants;
  &reference.ldap.using;
+ &reference.ldap.controls;
  &reference.ldap.examples;
  &reference.ldap.reference;
 
diff --git a/reference/ldap/controls.xml b/reference/ldap/controls.xml
new file mode 100644
index 0000000000..2d8ef5f8a9
--- /dev/null
+++ b/reference/ldap/controls.xml
@@ -0,0 +1,207 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- $Revision: 288721 $ -->
+
+<chapter xml:id="ldap.controls" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <title>LDAP controls</title>
+ <para>
+   Controls are special objects which may be send alongside an
+   LDAP request to alter LDAP server behavior while performing
+   the request. There may also be controls sent by the server
+   alongside the response to provide more information, usually
+   to answer a control object from the request.
+ </para>
+
+ <para>
+   As of PHP 7.3, you can send controls with your request in all
+   request functions using the serverctrls parameter. When a ext
+   version of a function exists, you should use it if you want to
+   get access to the full response object and be able to parse
+   response controls from it using <function>ldap_parse_result</function>.
+ </para>
+
+ <para>
+   serverctrls must be an array containing an array for each control to send,
+   containing the following keys:
+   <variablelist>
+    <varlistentry>
+     <term>
+      oid
+      (<type>string</type>)
+     </term>
+     <listitem>
+      <simpara>
+       The OID of the control. You should use constants starting with
+       LDAP_CONTROL_ for this. See <link>ldap.constants</link>
+      </simpara>
+     </listitem>
+    </varlistentry>
+    <varlistentry>
+     <term>
+      iscritical
+      (<type>boolean</type>)
+     </term>
+     <listitem>
+      <simpara>
+       If a control is noted as critical, the request will fail if the
+       control is not supported by the server, or if it fails to be
+       applied. Note that some controls should always be marked as critical
+       as noted in the RFC introducing them. Defaults to &false;.
+      </simpara>
+     </listitem>
+    </varlistentry>
+    <varlistentry>
+     <term>
+      value
+      (<type>mixed</type>)
+     </term>
+     <listitem>
+      <simpara>
+       If applicable, the value of the control. Read below for more information.
+      </simpara>
+     </listitem>
+    </varlistentry>
+   </variablelist>
+
+ </para>
+
+ <para>
+   Most control values are sent to the server BER-encoded.
+   You may either BER-encode the value yourself, or you can instead
+   pass an array with the correct keys so that the encoding is done
+   for you.
+   Supported controls to be passed as an array are:
+  <itemizedlist>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_PAGEDRESULTS</constant>
+     Expected keys are [size] and [cookie]
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_ASSERT</constant>
+     Expected key is filter
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_VALUESRETURNFILTER</constant>
+     Expected key is filter
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_PRE_READ</constant>
+     Expected key is attrs
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_POST_READ</constant>
+     Expected key is attrs
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_SORTREQUEST</constant>
+     Expects an array of arrays with keys attr, [oid], [reverse].
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_VLVREQUEST</constant>
+     Expected keys are before, after, attrvalue|(offset, count), [context]
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
+
+ <para>
+   The following controls do not need any value:
+  <itemizedlist>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_MANAGEDSAIT</constant>
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_DONTUSECOPY</constant>
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
+
+ <para>
+   The control <constant>LDAP_CONTROL_PROXY_AUTHZ</constant> is a special case
+   as its value is not expected to be BER-encoded, so you can directly
+   use a string for its value.
+ </para>
+
+ <para>
+   When controls are parsed by <function>ldap_parse_result</function>, values are
+   turned into an array if supported.
+   This is supported for:
+  <itemizedlist>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_PASSWORDPOLICYRESPONSE</constant>
+     Keys are expire, grace, [error]
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_PAGEDRESULTS</constant>
+     Keys are size, cookie
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_PRE_READ</constant>
+     Keys are dn and LDAP attributes names
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_POST_READ</constant>
+     Keys are dn and LDAP attributes names
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_SORTRESPONSE</constant>
+     Keys are errcode, [attribute]
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     <constant>LDAP_CONTROL_VLVRESPONSE</constant>
+     Keys are target, count, errcode, context
+    </para>
+   </listitem>
+  </itemizedlist>
+ </para>
+</chapter>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+indent-tabs-mode:nil
+sgml-parent-document:nil
+sgml-default-dtd-file:"~/.phpdoc/manual.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+vim600: syn=xml fen fdm=syntax fdl=2 si
+vim: et tw=78 syn=sgml
+vi: ts=1 sw=1
+-->
+
+